Oracle patches 'sitting duck' database vulns | The Register

Skip to content

Software:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Successful CRM, Fast!
Must-read tips for managers who need a CRM system but haven’t got the time
Server Consolidation and Containment
With Virtual Infrastructure
Enabling the Data Center Metamorphosis
From Fixed To Fluid
Gartner Report: How IT Management Can "Green" the Data Center
Establishing energy efficiency

The Register » Software » Applications »

Oracle patches 'sitting duck' database vulns

Apply or be own3d

By John Leyden → More by this author

Published Wednesday 16th April 2008 10:47 GMT

How IT Management Can "Green" the Data Center - Free Download

Oracle posted 41 patches on Tuesday as part of its regular quarterly patching cycle, with core database vulnerabilities being heavily represented.

The patch batch covers 17 updates for Oracle Database products, 11 updates for Oracle E-Business Suite, three updates for Oracle PeopleSoft Enterprise products, along with six updates for Oracle Siebel SimBuilder products, among others. The load is less than previous security updates, but their impact on key vulnerable databases (in particular) is potentially serious, security watchers warn.

Slavik Markovich, CTO of database security software firm Sentrigo, explained: "It looks like the number of affected database components is larger this time than previous times, including patches in the core RDBMS engine and query optimiser... I can see advanced queuing in there. An endless source for SQL Injections and buffer overflows.

"Two of the vulnerabilities can be remotely exploited without authentication, which basically means that your database is a sitting duck unless you deploy this patch. The last we saw of those was, I believe, six months ago," he added.

Oracle's bulletin can be found here. A summary from security clearing house US CERT can be found here. ®

Free Analyst Paper: Overcoming Energy Demands on US Data Centers

2 comments posted — Comment period finished

So...

Posted: 11:25 16th April 2008

Patching is a fact of IT life

Posted: 11:55 16th April 2008

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Oracle warns over unpatched vuln (29 July 2008)
Oracle preps summer patch cluster (11 July 2008)
Making sense of Salesforce.com (15 May 2008)
New attack technique threatens databases (28 April 2008)
Cisco hops onto patching treadmill (6 March 2008)
Databases still open to basic attack (15 November 2007)
Zero-day bug hangs over Oracle database (9 November 2007)
Oracle's mega-patch shuts 101 doors (18 October 2006)
Oracle in war of words with security researcher (26 January 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

whitepaper title

Gartner Paper: US Data Centers - The Calm Before the Storm

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..

whitepaper title

Making Green IT a Reality

Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers.

Whitepapers	Jobs
Mobile Security Live Migration with AMD-V™ Extended Migration Technology Make the move from Unix to Linux Managing the Performance and Availability of .NET Applications	We Are Still Hiring Experienced Perl Developers! mod-Perl Developer PERL Programmer for Print/Mail outsource provider Network Tools/Programmer Analyst - Perl/Expect PERL / SQL

Developer Headlines

The UK's latest developer news from MSDN

All of today's stories

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search